Deeplinks Blog posts about Computer Fraud And Abuse Act Reform

Three judges of the Ninth Circuit Court of Appeals have taken a step back from criminalizing password sharing, limiting the dangerous rationale of a decision issued by a panel of three different judges of the same court last week. That’s good, but the new decision leaves so many unanswered questions that it’s clear we need en banc review of both cases—i.e., by 11 judges, not just three—so the court can issue a clear and limited interpretation of the notoriously vague federal hacking statute at the heart of both cases, the Computer Fraud and Abuse Act (CFAA).

Last week, the Ninth Circuit Court of Appeals, in a case called United States v. Nosal,held 2-1 that using someone else’s password, even with their knowledge and permission, is a federal criminal offense. This dangerous ruling threatens to upend a good decision that the Ninth Circuit sitting en banc—i.e., with 11 judges, not just 3—made in 2012 in the same case. EFF filed an amicus brief in the case and our arguments were echoed by the strong dissent, authored by Judge Stephen Reinhardt.

Rhode Island legislators recently decided not to advance a bill that would have made that state’s bad “anti-hacking” law even worse. This is good news. But the struggle continues against other vague and overbroad computer crime laws.

EFF and over a dozen other organizations are urging U.S. lawmakers to oppose a dangerous bill proposed by Sens. Sheldon Whitehouse and Lindsey Graham that would make the already-flawed Computer Fraud and Abuse Act (CFAA) worse. The joint letter sent Wednesday explains that the legislation fails to address any of the CFAA’s problems while simply creating more confusion. Although the proposal is ostensibly directed at stopping botnets, it includes various provisions that go far beyond protecting against such attacks.

The Computer Fraud and Abuse Act (CFAA), the federal “anti-hacking” statute, is long overdue for reform. The 1986 law—which was prompted in part by fear generated by the 1983 techno­thriller WarGames—is vague, draconian, and notoriously out of touch with how we use computers today. Unfortunately, Sens. Sheldon Whitehouse and Lindsey Graham are on a mission to make things worse. They've proposed (for the second time) legislation that fails to address any of the CFAA’s problems while simply creating more confusion. And they may try to sneak their proposal through as an amendment to the Email Privacy Act—the very same sneaky tactic they tried last year.